Server Optimization Settings
Apr 9, 2007
I have purchased a proxy website using phproxy script hosted at dedicated server. Its now about 4 months and everything is fine but i want to move my site to another dedicated server provider because current one has some issues.
When i purchased that site seller told me that he has optimized server and installed some scripts {server scripts} to get best out of proxy website. Now seller is out of my contact.
I am very much pleased with current server settings but i need to move. So i want to make sure that i can optimize new server and install same scripts to keep going with current performance.
I only know about http.conf settings and i have noted it ... plz help me about copying every other settings which that guy had done to optimize the server and how can i know which and where those scripts are installed which has made server quite efficient?
View 0 Replies
ADVERTISEMENT
Apr 18, 2007
i am having quite problem with my server i cant get it to optimize it. During peak times the load goes beyond 10 sometimes 20 to 50 sometimes its just under 1. I have my webserver running on P4 Core 2 6300, 1 GB ram, 250 HDD, on CentOS 4.4 (kernel 2.6.9-42.0.10) etc. It has cpanel/whm running Apache 1.3.7, php 4.4, mysql 4.1, mailscanner, eaccelerator, etc i dont know really what other info to show you.
I host about 200 accounts and there are 4 large php forums (not like WHT) running on it. Sometimes pages stop loading especially these forums have to refresh to get page load.
During day there are approx 700-900 connections.
Previously i had phpsuexec and the load never went beyond 4-5, i have removed it to install eaccelerator.
Here are my configurations
httpd.conf
Code:
RLimitMEM 200990378
RLimitCPU 240
Timeout 45
KeepAlive On
MaxKeepAliveRequests 512
KeepAliveTimeout 2
MinSpareServers 25
MaxSpareServers 35
StartServers 15
MaxClients 512
MaxRequestsPerChild 0
my.cnf
Code:
[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-locking
skip-innodb
skip-networking
skip-name-resolve
query_cache_limit = 1M
query_cache_size = 64M
query_cache_type = 1
max_connections = 200
max_user_connections = 100
interactive_timeout = 30
wait_timeout = 30
connect_timeout = 10
thread_cache_size = 80
key_buffer = 256M
join_buffer = 1M
max_allowed_packet = 8M
table_cache = 1500
record_buffer = 1M
sort_buffer_size = 1M
read_buffer_size = 1M
max_connect_errors = 100
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 4
myisam_sort_buffer_size = 32M
#log-bin
server-id = 1
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[isamchk]
key_buffer = 128M
sort_buffer_size = 128M
read_buffer = 1M
write_buffer = 1M
[myisamchk]
key_buffer =128M
sort_buffer_size = 128M
read_buffer = 1M
write_buffer = 1M
[mysqlhotcopy]
interactive-timeout
top
Code:
top - 13:24:33 up 1 day, 23:24, 1 user, load average: 1.99, 2.26, 3.45
Tasks: 174 total, 1 running, 173 sleeping, 0 stopped, 0 zombie
Cpu(s): 13.3% us, 12.1% sy, 0.0% ni, 13.6% id, 31.8% wa, 29.1% hi, 0.0% si
Mem: 1000952k total, 974492k used, 26460k free, 49024k buffers
Swap: 2031608k total, 171580k used, 1860028k free, 288344k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
10804 mysql 15 0 354m 80m 2744 S 35 8.2 4:00.68 mysqld
12849 nobody 15 0 65816 33m 14m S 10 3.4 0:04.56 httpd
2956 named 18 0 66944 18m 1152 S 3 1.9 40:53.96 named
12800 nobody 15 0 57260 28m 17m S 3 2.9 0:06.95 httpd
336 root 15 0 0 0 0 D 3 0.0 112:24.57 kjournald
12854 nobody 15 0 55008 22m 14m S 2 2.3 0:03.68 httpd
12870 nobody 16 0 55108 23m 14m S 1 2.4 0:04.49 httpd
6373 root 0 -20 0 0 0 S 1 0.0 1:13.66 loop0
32021 mailnull 17 0 42500 13m 2480 S 1 1.4 0:09.05 MailScanner
12720 nobody 16 0 56088 22m 12m S 1 2.3 0:04.67 httpd
12877 nobody 15 0 55068 23m 15m S 1 2.4 0:04.05 httpd
12725 nobody 15 0 54836 19m 11m S 1 2.0 0:04.01 httpd
12831 nobody 15 0 55468 25m 16m S 1 2.6 0:03.80 httpd
12859 nobody 15 0 54932 22m 14m S 1 2.3 0:03.75 httpd
7 root 5 -10 0 0 0 S 0 0.0 0:28.61 events/1
30091 root 15 0 2828 520 452 D 0 0.1 0:45.08 syslogd
31213 mailnull 16 0 44896 14m 2472 S 0 1.5 0:13.50 MailScanner
12716 nobody 15 0 56016 24m 14m S 0 2.5 0:04.20 httpd
12774 nobody 15 0 56272 25m 16m S 0 2.6 0:04.76 httpd
12843 nobody 15 0 55156 23m 15m S 0 2.4 0:04.38 httpd
12851 nobody 15 0 56184 21m 11m S 0 2.2 0:03.58 httpd
12853 nobody 15 0 54888 22m 14m S 0 2.3 0:03.39 httpd
12864 nobody 16 0 54920 23m 14m S 0 2.4 0:04.43 httpd
13555 nobody 15 0 54492 21m 13m S 0 2.2 0:02.39 httpd
15385 nobody 16 0 52564 8388 2052 S 0 0.8 0:00.08 httpd
1 root 16 0 2260 396 368 S 0 0.0 0:06.43 init
View 6 Replies
View Related
Dec 26, 2008
I just got new server:
2.0 GHz, Xeon 5405 (Harpertown) (Quad Core) with CentOS 5 installed. It has 4 gigs of RAM.
I would like to optimize it for php/mysql based forum.
Any suggestions on how to tweak my.cnf or httpd.conf or anything else. My main goal is to optimize it for php/mysql.
I understand I can leave everything the way it is, but I would rather optimize my server, if I can.
Like should I install some kind of memory cache and if yes, which one? Should I edit default settings of PHP?
View 5 Replies
View Related
Feb 18, 2008
I hope some of you folks could give me some pointers here. I have a server that is used for a gaming clan's purposes. Nothing major as far as games go, but what I got I want running at peak efficiency.
The most important is the Counter-Strike source. I really need the kernel frequency to be tweaked for this. The number one question is can I merely modify the existing config file and recompile that or do I need to start all over? If I could do that is it something like make old or something to that matter?
I am running a couple other servers as well, but there is never a time where all the servers have anyone in them. I keep everything running. After installing some weird stuffs here and there I got the memory usage to go down. I think. Regarding a scenario of having more than one instance of a game, is there any way to share memory between them?
My Swap. Is there a way to force idling games to move to it instead of using physical memory?
The kernel is what I really need to take care of. I'm still somewhat of a n00b and have just switched from centos to debian to top it off. So any tips would make my day. Thanks for reading me.
View 2 Replies
View Related
May 7, 2009
Hi"Optimization of computing resources has long been an important management issue. One of its aspects concerns server scalability and the question of whether an organization should scale-up or scale out.Assume that the computing performance of the servers can be measured by variable 0 <=p, that their total cost is given by "c" and the relationship between server performance and cost is defined by c=αp^β"
a. What is the cost-performance elasticity(ђ), precisely?
b. What would be the range of values for ђ that would be expected by moore's law and what are its implications?
c. What would be the range of values for ђ that would lead managers to scale-out? Draw a graph and throughly explain the implications.
View 8 Replies
View Related
Nov 13, 2008
I'm on a dedicated server and the httpd service of the server keeps going down which results in downtime for the number of hours until i dont realise that the site is down.
So when I realise the site is down, I ask the hosting support to look into the issue, they tell me the server loads are high and ask me to upgrade even when I just upgraded the server last month.
Generally the forum has around (250 - 300 members) + guests visitors online and is in the alexa top 20k sites.
The first thing I would want to do is hire a person who specializes in server optimization but then I have heard a lot of bad things like the server admin stealing databases and selling it in open market.
The second thing I wanted to do is contact vbulletin for server optimization but they need me to give them server specs and I dont know how to obtain them.
View 8 Replies
View Related
Jul 2, 2008
My server is running a AMD Athlon(tm) XP 2000+ (1662 MHz)CPU
I only host one site, a vb forum on my server and its killing the CPU with only 80-100 people online.
The load averages are:
23.73 (1 mins) , 20.39 (5 mins) , 10.88 (15 mins)
and these are the processes that are making it slow:
Code:
ID Owner CPU Command
8003 mysql 34.1 % /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-f ...
7777 apache 2.1 % /usr/sbin/httpd
7911 apache 2.1 % /usr/sbin/httpd
8382 apache 2.1 % /usr/sbin/httpd
7857 apache 1.9 % /usr/sbin/httpd
7776 apache 1.8 % /usr/sbin/httpd
8384 apache 1.7 % /usr/sbin/httpd
7849 apache 1.6 % /usr/sbin/httpd
9159 root 1.6 % /usr/libexec/webmin/proc/index_cpu.cgi
7852 apache 1.5 % /usr/sbin/httpd
8790 apache 1.4 % /usr/sbin/httpd
8724 apache 1.2 % /usr/sbin/httpd
8775 apache 1.2 % /usr/sbin/httpd
8779 apache 1.1 % /usr/sbin/httpd
8841 apache 1.1 % /usr/sbin/httpd
155 root 1.0 % [kswapd0]
8752 apache 1.0 % /usr/sbin/httpd
8881 root 1.0 % /usr/bin/perl /usr/libexec/webmin/virtual-server/collectinfo.pl
8961 apache 1.0 % /usr/sbin/httpd
8759 apache 0.9 % /usr/sbin/httpd
8777 apache 0.9 % /usr/sbin/httpd
8956 apache 0.9 % /usr/sbin/httpd
8962 apache 0.9 % /usr/sbin/httpd ..
View 6 Replies
View Related
Jan 15, 2007
Can anyone recommend a good company or someone that would be able to optimize Apache and MySQL on my server? I've slightly configured Apache so that it works well with my server so I'm mainly looking for someone to optimize MySQL (since it's using a lot of cpu).
The server load is pretty high so I'm hoping to reduce it before having to upgrade to a new server.
View 6 Replies
View Related
Oct 30, 2007
i run a fedora server with plesk 8 on it i was wondering if some one can help me to find the best way to optimize the databases on the server at once my servers contains many clients with unicode data in the database.
View 0 Replies
View Related
Mar 20, 2007
I currently have a server for proxy websites only.
I have disabled MySQL, is that ok?
Will my statistics software still work (awstats)?
What else can i disable or do to optimize the server for proxy websites.
I'm using the phproxy scripts.
View 0 Replies
View Related
Jan 24, 2007
I'm sure by now most of you have read the Web Server Optimization Guide by Shaw Networks. It came in handy for me when I was first starting out, I reduced my load & memory usage by tonnes. I thought I would make a new thread with an updated How-To.
Recommended Tools/Programs:
Putty - Free SSH Client - [url]
WinSCP - Free SFTP and SCP Client - [url]
MySQL Optimization:
BACKUP:
cp /etc/my.cnf /etc/my.cnf.backup
Use Pico (pico /etc/my.cnf) or Download via WinSCP for editing,
Delete everything that is currently in the file and add the following...
Code:
[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-locking
skip-innodb
query_cache_limit=8M
query_cache_size=256M
query_cache_type=1
max_connections=500
max_user_connections=100
interactive_timeout=60
wait_timeout=60
connect_timeout=30
thread_cache_size=128
key_buffer=16M
join_buffer=1M
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=2M
read_buffer_size=2M
max_connect_errors=100
# Try number of CPU's*2 for thread_concurrency
thread_concurrency=2
myisam_sort_buffer_size=64M
#log-bin
server-id=1
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[isamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
To Save: CTRL-X
Restart Service: "service mysqld restart" or "service mysql restart" or "/etc/rc.d/init.d/mysql restart"
HTTP/APACHE Optimization:
BACKUP:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup
Use Pico (pico /usr/local/apache/conf/httpd.conf) or Download via WinSCP for editing,
Change the following settings in your httpd.conf...
Set "Timeout" value to "Timeout 60"
Set "KeepAlive" to "KeepAlive on"
Set "KeepAliveTimeout" to "KeepAliveTimeout 3"
Set "MinSpareServers" to "MinSpareServers 16"
Set "MaxSpareServers" to "MaxSpareServers 32"
Set "MaxRequestsPerChild" to "MaxRequestsPerChild 256"
Set "HostnameLookups" to "HostnameLookups Off"
Note:
These settings will not work under all server environments its recommended that you tweak around with the numbers until your web server is running 100% please read Apache documentation before changing any settings so you know what you are changing [url]
To Save: CTRL-X
Restart Service: "service httpd restart" or "/etc/rc.d/init.d/httpd restart"
Installing eAccelerator:
eAccelerator is a further development from mmcache PHP Accelerator & Encoder. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. [url]
If you run CPanel please visit [url] for an auto-installer which will do all the hard work for you.
Run the following in SSH.
Code:
cd /
mkdir ea
cd ea
wget [url]
bunzip2 eaccelerator-0.9.5.tar.bz2
tar -xvf eaccelerator-0.9.5.tar
cd eaccelerator-0.9.5
export PHP_PREFIX="/usr"
$PHP_PREFIX/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
make
make install
mkdir /phpcache
chmod 0777 /phpcache
Edit your PHP.INI file and at the bottom add...
Code:
To install as a ZEND extension:
zend_extension="/ea/eaccelerator-0.9.5/modules/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/phpcache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
OR to install as a PHP extension:
extension="/ea/eaccelerator-0.9.5/modules/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/phpcache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Restart Service: "service httpd restart" or "/etc/rc.d/init.d/httpd restart"
For a great tutorial on Optimizing host.conf & sysctl.conf visit..
http://www.eth0.us/node/104
Common SSH Commands visit..
[url]
How to block an IP using iptables visit..
[url]
View 14 Replies
View Related
Apr 21, 2008
So the site got featured on [url]and now the server is drowning...
The Coppermine Gallery usually hovers around 30~50 users daily and now, 1800, and im at a lost as how I should configure mysql to take on such a load. right now it takes about 10 secs or more to load a page and sometimes it would time out. Because it si coppermine, all pages are dynamic and can't be cached -_-"
Here's the my.cnf right now after i played around with the numbers
server spec
Opteron 170 (2ghz)
2gb ram
250 7200rpm
[mysqld]
set-variable=local-infile=0
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
#skip-networking
back_log = 75
key_buffer = 256M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 1800
thread_cache_size = 384
wait_timeout = 7200
max_connections = 600
connect_timeout = 100
wait_timeout = 12000
tmp_table_size = 100M
max_heap_table_size = 64M
max_allowed_packet = 15M
max_connect_errors = 9999999
read_rnd_buffer_size = 524288
bulk_insert_buffer_size = 8M
query_cache_limit = 40M
query_cache_size = 150M
query_cache_type = 1
query_prealloc_size = 65536
tmp_table_size = 64M
query_alloc_block_size = 131072
default-storage-engine = MyISAM
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
nice = -5
open_files_limit = 8192
[mysqldump]
quick
max_allowed_packet = 16M
[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M
httpd.conf
Timeout 20
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 200
MaxClients 200
MaxRequestsPerChild 1500
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
View 11 Replies
View Related
Jun 24, 2008
I have a fairly high end server in which I have installed SIM. SIM is restarting Apache up to 10 times a day, presumably due to high load causing un-availability.
On restart, Apache / MYSQL is stable until the load / mem usage begins to climb then it is restarted again. Here are my 'load' stats for today:
Load for today
High (2:18am): 4.63
Low (3:30am): 1.20
Mean: 1.84
Latest: 1.61
Mem usage for today
High (1:36am): 9,192.9 MB
Low (1:48am): 7,995.7 MB
Mean: 8,683.1 MB
Latest: 8,781.7 MB
I have seen it using 20GB RAM before.
I have tried to follow various optimisation guides but these seem tailored to less powerful servers.
The web application I run on this server is almost entirely MYSQL based, with thousands of DB calls a day. Across the entire system I probably get 200,000 bot hits per day or even more. At peak times search engine bots are literally hammering the server.
My server specs are:
# Processor: Quad-Core Xeon Processor * 8
# CPU Speed: 3Ghz
# RAM: 32 GB DDR2
# HDD: 36 GB 15k Raptor X2 + 1TB Sata
# OS: 32Bit CentOS
Changes / optimisation of the actual application is not possible.
My configuration files are:
My.cnf ....
View 11 Replies
View Related
May 27, 2008
I'm currently in the process of installing a mysql database server on my dedicated game server box. I was using shared hosting before, but i got a complaint from them that i was using too many connections and memory so i have to host the database myself.
Here's the stats of the server:
Dual Core Dual CPU Intel Xeon 3.0Ghz (2 core per cpu & 2 cpu's)
4GB RAM
120GB SATAII Hard Drive
Windows 2003 Enterprise Edition SP2 (180 Day Trial)
Currently, im hosting around 10 game servers on the machine with around 30% CPU load. I'm running with the page file disabled (its using 2 GB of RAM instead). Server runs fine like this (i heard its a performance boost, and it is). Over 2GB of ram are free at all times even when most of the game servers are full.
I want the database server to be able to as many connections are need from the game servers but at the same time i dont want to affect performance of the game servers. Any suggestions on what settings i should use?
I'm currently using these settings:
key_buffer = 512M
max_allowed_packet = 1M
table_cache = 512
sort_buffer_size = 1M
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 16M
max_connections = 100
query_cache_size = 128MB
query_cache_limit = 4MB
tmp_table_size = 30MB
wait_timeout = 120
P.S. The SQL will have 3 databases (AMXBans, SourceBans, & a RP character db). Everytime a player connects to one of my servers, their information is checked against the database if they are an admin. So in total i have around 126 slots for players to connect on.
View 1 Replies
View Related
Jun 18, 2009
Can anyone recommend a Apached and MYSQL optimization expert? I just some optimization done on mysql and apache upgraded... but pache wouldn't restart with the following entries:
MinSpareThreads 25
MaxSpareThreads 35
ThreadsPerChild 25
if i remove above then it starts... but my CPU spikes and I am getting a ton of errors emailed to me:
Invalid SQL:
SELECT COUNT(DISTINCT(userid)) AS count FROM vb_session WHERE vb_session.userid>0 AND vb_session.lastactivity>1245294346;
MySQL Error : Out of memory (Needed 8388580 bytes)
Error Number : 5
Request Date : Wednesday, June 17th 2009 @ 09:39:06 PM
Error Date : Wednesday, June 17th 2009 @ 09:39:06 PM
Its constantly complaining about this same query and i thought i removed all of the vbulletin options...
i am pulling my hair out... cuz my server isn't swapping, ther are 0ver 8GBs in cache.... but my CPU goes up
Here is original problem thread...
[url]
2nd post has recommended config... and my subsequent probs
View 6 Replies
View Related
Mar 3, 2007
We just upgraded to VBulletin 3.6.5, and are experiencing strange behavior. My forums are on a dedicated server, 27,000 users.
We'll be running along fine with loads of .5-2.00, etc. Then suddenly, the loads start climbing to 50, 70, 85+. We've been trying to figure out why. We even went on a different (much more robust) server, still the same result. This only started happening after the upgrade. Restarting the server corrects the problem, but only until it happens again. It can happen at anytime - during peak or off peak. The server may run for an hour or two until this happens, or it can happen 10 minutes after a restart.
Late last night when loads were normal we benched the server hard, and it ran just fine. We just can't figure out where this load spike is coming from.
Server info below:
Servers:
Mysql: server version: 5.0.27-log
PHP: PHP 5.1.6 (cli) Zend Engine v2.1.0,
Apache Server version: Apache/2.2.3
Kernel: 2.6.19-1.2911.fc6 #1 SMP
Server:
Pentium III with 1 gig of ram
15k RPM SCSI Raid 5
1 Gig RAM
-----------------------------------------------------------------------
[root@forums forums]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 6
cpu MHz : 861.001
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca
cmov pat pse36 mmx fxsr sse
bogomips : 1722.41
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 6
cpu MHz : 861.001
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca
cmov pat pse36 mmx fxsr sse
bogomips : 1721.51
--------------------------------------------------------------------------
my.cnf:
[root@forums forums]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log_error = /var/log/mysql_error.log
log-slow-queries = /var/log/mysql_slow_queries.log
safe-show-database
old_passwords
back_log = 20
skip-innodb
key_buffer_size = 256M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 600
thread_cache_size = 384
wait_timeout = 35
connect_timeout = 10
tmp_table_size = 64M
max_heap_table_size = 64M
max_allowed_packet = 64M
max_connect_errors = 10
read_rnd_buffer_size = 524288
bulk_insert_buffer_size = 8M
query_cache_limit = 4M
query_cache_size = 48M
query_cache_type = 1
query_prealloc_size = 163840
query_alloc_block_size = 32768
default-storage-engine = MyISAM
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit = 8192
[mysqldump]
quick
max_allowed_packet = 16M
[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M
-------------------------------------------------------
Relevant Apache:
StartServers 10
MinSpareServers 10
MaxSpareServers 15
ServerLimit 256
MaxClients 90
MaxRequestsPerChild 1000
---------------------------------------------------------
View 3 Replies
View Related
Jun 7, 2008
I use a couple of different hosting companies.
Recently, I've begun setting up blogs.
I've been trying to set up blogs on Company "A" for the past month and have had nothing but problems.
While waiting to hear back - one more time - from tech support on Company "A"
I set up a blog on Company "B". Everything set up perfectly, smoothly and in about 1 hour I had the blog up and running.
I'm using 2.5.1 WPB and plugins that are NOT known to have "issues".
I've used the same themes and plugins on "A" and "B".
I changed permissions on a couple of the plugins (company A) and the plugins just disappeared.
I tried setting up widgets and none work.
if there are specific settings server side that make setting up blogs work/not work?
View 15 Replies
View Related
Sep 6, 2008
I have a problem with my csf setting dunno why now when i start csf i block my server, i come from backup before with same config and working very well dunno why not working in this time.
Code:
###############################################################################
# Copyright 2006, Way to the Web Limited
# URL: http://www.waytotheweb.com
# Email: sales@waytotheweb.com
###############################################################################
# This configuration is for use with generic Linux servers, do not change the
# following setting:
GENERIC = "1"
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "0"
# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"
# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and upgrades if
# available and restarts csf and lfd. Updates do not overwrite configuration
# files or email templates. An email will be sent to the root account if an
# update is performed
AUTO_UPDATES = "1"
# By default, csf will auto-configure iptables to filter all traffic except on
# the local (lo:) device. If you only want iptables rules applied to a specific
# NIC, then list it here (e.g. eth1, or eth+)
ETH_DEVICE = "venet0"
# If you don't want iptables rules applied to specific NICs, then list them in
# a comma separated list (e.g "eth1,eth2")
ETH_DEVICE_SKIP = ""
# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).
# Allow incoming TCP ports
TCP_IN = "21,22,25,53,80,110,143,443,993,995,3306,3784,7776:7779,8767,10000,35000:36000,14534,51234,25000:26000,9339,6969"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,953,995,9339,6969,5558,2222"
# Allow incoming UDP ports
UDP_IN = "20,21,53,953,3784,8767,1000"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,953,1000:3800,6100,6881"
# Allow incoming PING
ICMP_IN = "1"
# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to "0"
ICMP_IN_RATE = "1/s"
# Allow outgoing PING
ICMP_OUT = "1"
# Set the per IP address outgoing ICMP packet rate
# To disable rate limiting set to "0"
ICMP_OUT_RATE = "1/s"
# If this is a MONOLITHIC kernel (i.e. it has no LKM support, e.g. a VPS) then
# set this to 1. Because of the nature of monolithic kernels, it's not easy to
# determine which modules have been built-in, so some functionality may not be
# available and this firewall script may not work.
#
# One example is if the ip_conntrack and ip_conntrack_ftp iptables kernel
# modules are not available. If this happens, FTP passive mode (PASV) won't
# work. In such circumstances you will have to open a hole in your firewall and
# configure the FTP daemon to use that same hole. For example, with pure-ftpd
# you could add the port range 30000:35000 to TCP_IN and add the following line
# to /etc/pure-ftpd.conf (without the leading #):
# PassivePortRange30000 35000
# Then restart pure-ftpd and csf and passive FTP should then work
MONOLITHIC_KERNEL = "1"
# Drop target for iptables rules. This can be set to either DROP ot REJECT.
# REJECT will send back an error packet, DROP will not respond at all. REJECT
# is more polite, however it does provide extra information to a hacker and
# lets them know that a firewall is blocking their attempts. DROP hangs their
# connection, thereby frustrating attempts to port scan the server.
DROP = "DROP"
# Enable logging of dropped connections to blocked ports to syslog, usually
# /var/log/messages. This option needs to be enabled to use Port Scan Tracking
DROP_LOGGING = "1"
# Enable logging of dropped connections to blocked IP addresses in csf.deny or
# by lfd with temporary connection tracking blocks. Do not enable this option
# if you use Port Scan Tracking
DROP_IP_LOGGING = "0"
# Only log reserved port dropped connections (0:1023). Useful since you're not
# usually bothered about ephemeral port drops
DROP_ONLYRES = "0"
# Commonly blocked ports that you do not want logging as they tend to just fill
# up the log file. These ports are specifically blocked (applied to TCP and UDP
# protocols) for incoming connections
DROP_NOLOG = "67,68,111,113,135:139,445,513,520"
# Enable packet filtering for unwanted or illegal packets
PACKET_FILTER = "1"
# Log packets dropped by the packet filtering option PACKET_FILTER. This will
# show packet drops that iptables has deemed INVALID (i.e. there is no
# established TCP connection in the state table), or if the TCP flags in the
# packet are out of sequence or illegal in the protocol exchange.
#
# If you see packets being dropped that you would rather allow then disable the
# PACKET_FILTER option above by setting it to "0"
DROP_PF_LOGGING = "0"
# Enable SYN flood protection. This option configures iptables to offer some
# protection from tcp SYN packet DOS attempts. You should set the RATE so that
# false-positives are kept to a minimum otherwise visitors may see connection
# issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables
# man page for the correct --limit rate syntax
SYNFLOOD = "0"
SYNFLOOD_RATE = "4/s"
# Enable verbose output of iptables commands
VERBOSE = "1"
# Log lfd messages to SYSLOG in addition to /var/log/lfd.log. You must have the
# perl module Sys::Syslog installed to use this feature
SYSLOG = "1"
# If you wish to allow access from dynamic DNS records (for example if your IP
# address changes whenever you connect to the internet but you have a dedicated
# dynamic DNS record from the likes of dyndns.org) then you can list the FQDN
# records in csf.dyndns and then set the following to the number of seconds to
# poll for a change in the IP address. If the IP address has changed iptables
# will be updated.
#
# A setting of 600 would check for IP updates every 10 minutes. Set the value
# to 0 to disable the feature
DYNDNS = "0"
# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
DENY_IP_LIMIT = "100"
# Limit the number of IP's kept in the temprary IP ban list. If the limit is
# reached the oldest IP's in the ban list will be removed and allowed
# regardless of the amount of time remaining for the block
# Set to 0 to disable limiting
DENY_TEMP_IP_LIMIT = "100"
# Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature
LF_PERMBLOCK = "0"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
# Permanently block IPs by network class. The following enables this feature
# to permanently block classes of IP address where individual IP addresses
# within the same class LF_NETBLOCK_CLASS have already been blocked
# LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
# LF_NETBLOCK to "1" to enable this feature
#
# This can be an affective way of blocking DDOS attacks launched from within
# the same networ class
#
# Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
# consideration is required when blocking network classes A or B
#
# Set LF_NETBLOCK to "0" to disable this feature
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
# The follow Global options allow you to specify a URL where csf can grab a
# centralised copy of an IP allow or deny block list of your own. You need to
# specify the full URL in the following options, i.e.:
# http://www.somelocation.com/allow.txt
#
# The actual retrieval of these IP's is controlled by lfd, so you need to set
# LF_GLOBAL to the interval (in seconds) when you want lfd to retrieve. lfd
# will perform the retrieval when it runs and then again at the specified
# interval. A sensible interval would probably be every 3600 seconds (1 hour)
#
# You do not have to specify both an allow and a deny file
#
# You can also configure a global ignore file for IP's that lfd should ignore
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
LF_GLOBAL = ""
# Enable login failure detection daemon (lfd). If set to 0 none of the other LF
# settings have any effect as the daemon won't start.
# When the trigger level of failures is reached lfd will use csf to add the IP
# to the /etc/csf/csf.deny file and block it
LF_DAEMON = "1"
# The following[*] triggers are application specific. If you set LF_TRIGGER to
# "0" the value of each trigger is the number of failures against that
# application that will trigger lfd to block the IP address
#
# If you set LF_TRIGGER to a value greater than "0" then the following[*]
# application triggers are simply on or off ("0" or "1") and the value of
# LF_TRIGGER is the total cumulative number of failures that will trigger lfd
# to block the IP address
#
# Setting the application trigger to "0" disables it
LF_TRIGGER = "0"
# If LF_TRIGGER is > 1 then the following can be set to "1" to permanently
# block the IP address, or if set to a value greater than "1" then the IP
# address will be blocked temporarily for the value in seconds. For example:
# LF_TRIGGER = "1" => the IP is blocked permanently
# LF_TRIGGER = "3600" => the IP is blocked temporarily for 1 hour
#
# If LF_TRIGGER is 0, then the application LF_[application]_PERM value works in
# the same way as above
LF_TRIGGER_PERM = "1"
# To only block access to the failed application instead of a complete block
# for an ip address, you can set the following to "1", but LF_TRIGGER must be
# set to "0" with specific application[*] trigger levels also set
LF_SELECT = "0"
#[*]Enable login failure detection of sshd connections
LF_SSHD = "5"
LF_SSHD_PERM = "1"
#[*]Enable login failure detection of pure-ftpd connections
LF_FTPD = "10"
LF_FTPD_PERM = "1"
#[*]Enable login failure detection of SMTP AUTH connections
LF_SMTPAUTH = "5"
LF_SMTPAUTH_PERM = "1"
#[*]Enable login failure detection of courier pop3 connections. This will not
# trap the older cppop daemon
LF_POP3D = "10"
LF_POP3D_PERM = "1"
#[*]Enable login failure detection of courier imap connections. This will not
# trap the older cpimap (uwimap) daemon
LF_IMAPD = "10"
LF_IMAPD_PERM = "1"
#[*]Enable login failure detection of Apache .htpasswd connections
# Due to the often high logging rate in the Apache error log, you might want to
# enable this option only if you know you are suffering from attacks against
# password protected directories
LF_HTACCESS = "5"
LF_HTACCESS_PERM = "1"
#[*]Enable failure detection of Apache mod_security connections
# Due to the often high logging rate in the Apache error log, you might want to
# enable this option only if you know you are suffering from attacks against
# web scripts
LF_MODSEC = "5"
LF_MODSEC_PERM = "1"
#[*]Enable detection of suhosin triggers and blocking of attackers
# Example: LF_SUHOSIN = "5"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"
# Check that csf appears to have been stopped. This checks the status of the
# iptables INPUT chain. If it's not set to DROP, LF will run csf. This will not
# happen if TESTING is enabled above. The check is done every 300 seconds
LF_CSF = "1"
# Send an email alert if anyone logs in successfully using SSH
LF_SSH_EMAIL_ALERT = "1"
# Send an email alert if anyone uses su to access another account. This will
# send an email alert whether the attempt to use su was successful or not
LF_SU_EMAIL_ALERT = "1"
# Enable Directory Watching. This enables lfd to check /tmp and /dev/shm
# directories for suspicious files, i.e. script exploits. If a suspicious
# file is found an email alert is sent. Only one alert per file is sent until
# lfd is restarted, so if you remove a suspicious file, remember to restart lfd
#
# To enable this feature set the following to the checking interval in seconds.
# Set to disable set to "0"
LF_DIRWATCH = "60"
# To remove any suspicious files found during directory watching, enable the
# following. These files will be appended to a tarball in
# /etc/csf/suspicious.tar
LF_DIRWATCH_DISABLE = "0"
# This option allows you to have lfd watch a particular file or directory for
# changes and should they change and email alert using watchalert.txt is sent
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 60 would seem sensible) and add your entries to csf.dirwatch
#
# Set to disable set to "0"
LF_DIRWATCH_FILE = "0"
# This is the interval that is used to flush reports of usernames, files and
# pids so that persistent problems continue to be reported, in seconds.
# A value of 3600 seems sensible
LF_FLUSH = "3600"
# System Integrity Checking. This enables lfd to compare md5sums of the
# servers OS binary application files from the time when lfd starts. If the
# md5sum of a monitored file changes an alert is sent. This option is intended
# as an IDS (Intrusion Detection System) and is the last line of detection for
# a possible root compromise.
#
# There will be constant false-positives as the servers OS is updated or
# monitored application binaries are updated. However, unexpected changes
# should be carefully inspected.
#
# Modified files will only be reported via email once.
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 3600 would seem sensible). This option may pur an increased I/O
# load onto the server as it checks system binaries.
#
# To disable set to "0"
LF_INTEGRITY = "3600"
# System Exploit Checking. This enables lfd to check for the Random JS Toolkit
# and may check for others in the future:
# http://www.cpanel.net/security/notes/random_js_toolkit.html
# It compares md5sums of the binaries listed in the exploit above for changes
# and also attempts to create and remove a number directory
#
# Modified files will only be reported via email once, though will be reset
# after an hour
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 300 would seem sensible).
#
# To disable set to "0"
LF_EXPLOIT = "300"
# This comma separated list allows you to (de)select which tests LF_EXPLOIT
# performs
#
# For the SUPERUSER check, you can list usernames in csf.suignore to have them
# ignored for that test
#
# Valid tests are:
# JS,SUPERUSER
LF_EXPLOIT_CHECK = "JS,SUPERUSER"
# Set the time interval to track login failures within (seconds), i.e.
# LF_TRIGGER failures within the last LF_INTERVAL seconds
LF_INTERVAL = "300"
# Set the log file parsing interval (seconds). This is how long the daemon
# sleeps before processing the log file entries since the last scan finished
LF_PARSE = "5"
# Send an email alert if an IP address is blocked
LF_EMAIL_ALERT = "1"
# Send an email alert if an account exceeds LT_POP3D/LT_IMAPD logins per hour
# per IP
LT_EMAIL_ALERT = "1"
# Block POP3 logins if greater than LT_POP3D times per hour per account per IP
# address (0=disabled)
LT_POP3D = "15"
# Block IMAP logins if greater than LT_IMAPD times per hour per account per IP
# address (0=disabled) - not recommended for IMAP logins due to the ethos
# within which IMAP works. If you want to use this, setting it quite high is
# probably a good idea
LT_IMAPD = "0"
# Enable IP range blocking using the DShield Block List at
# http://www.dshield.org/block_list_info.php
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
LF_DSHIELD = "86400"
# The DShield block list URL. If you change this to something else be sure it
# is in the same format as the block list
LF_DSHIELD_URL = "http://feeds.dshield.org/block.txt"
# Enable IP range blocking using the Spamhaus DROP List at
# http://www.spamhaus.org/drop/index.lasso
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
LF_SPAMHAUS = "86400"
# The Spamhaus DROP List URL. If you change this to something else be sure it
# is in the same format as the drop list
LF_SPAMHAUS_URL = "http://www.spamhaus.org/drop/drop.lasso"
# Enable IP range blocking using the BOGON List at
# http://www.cymru.com/Bogons/
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
#
# Do NOT use this option if your server uses IP's on the bogon list (e.g. this
# is often the case with servers behind a NAT firewall using ip routing)
LF_BOGON = "0"
# The BOGON List URL. If you change this to something else be sure it
# is in the same format as the drop list
LF_BOGON_URL = "http://www.cymru.com/Documents/bogon-bn-agg.txt"
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be arround 200.
#
# To disable this feature, set this to 0
CT_LIMIT = "200"
# Connection Tracking interval. Set this to the the number of seconds between
# connection tracking scans. Don't set this too low or you will affect server
# performance as lfd runs netstat each time to determine the connections
CT_INTERVAL = "60"
# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = "1"
# If you want to make IP blocks permanent then set this to 1, otherwise blocks
# will be temporary and will be cleared periodically or whenever the firewall
# is restarted
CT_PERMANENT = "0"
# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)
CT_BLOCK_TIME = "3200"
# If you don't want to count the TIME_WAIT state against the connection count
# then set the following to "1"
CT_SKIP_TIME_WAIT = "0"
# If you only want to ount specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
#
# Leave this option empty to count all states against CT_LIMIT
CT_STATES = ""
# Process Tracking. This option enables tracking of user and nobody processes
# and examines them for suspicious executables or open network ports. Its
# purpose is to identify potential exploit processes that are running on the
# server, even if they are obfuscated to appear as system services. If a
# suspicious process is found an alert email is sent with relevant information.
# It is then the responsibility of the recipient to investigate the process
# further as the script takes no further action. Processes (PIDs) are only
# reported once unless lfd is restarted.
#
# The following is the number of seconds a process has to be active before it
# is inspected. If you set this time too low, then you will likely trigger
# false-positives with CGI or PHP scripts.
# Set the value to 0 to disable this feature
PT_LIMIT = "60"
# How frequently processes are checked in seconds
PT_INTERVAL = "60"
# If you want process tracking to highlight php or perl scripts that are run
# through apache for greater than PT_LIMIT seconds then disable the following,
# i.e. set it to 0
#
# While enabling this setting will reduce false-positives, having it set to 0
# does provide better checking for exploits running on the server
PT_SKIP_HTTP = "1"
# User Process Tracking. This option enables the tracking of the number of
# process any given linux account is running at one time. If the number of
# processes exceeds the value of the following setting an email alert is sent
# with details of those processes. A user is only reported once, so lfd must be
# restarted to reinstate checking of all users. If you specify a user in
# csf.pignore it will be ignored
#
# Set to 0 to disable this feature
PT_USERPROC = "10"
# This User Process Tracking option sends an alert if any linux user process
# exceeds the memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set PT_USERKILL to have lfd kill off the process
#
# Set to 0 to disable this feature
PT_USERMEM = "100"
# This User Process Tracking option sends an alert if any linux user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
#
# Set PT_USERKILL to have lfd kill off the process
#
# Set to 0 to disable this feature
PT_USERTIME = "3200"
# If this option is set then processes detected by PT_USERMEM or PT_USERTIME
# or PT_USERPROC are killed
PT_USERKILL = "0"
# Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and
# defaults to 5 if set otherwise) on the server every PT_LOAD seconds. If the
# load average is greater than or equal to PT_LOAD_LEVEL then an email alert is
# sent. lfd then does not report subsequent high load until PT_LOAD_SKIP
# seconds has passed to prevent email floods.
#
# Set PT_LOAD to "0" to disable this feature
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"
# If a PT_LOAD event is triggered, then if the following contains the path to
# a script, it will be run in a child process. For example, the script could
# contain commands to terminate and restart httpd, php, exim, etc incase of
# looping processes
PT_LOAD_ACTION = ""
# Port Scan Tracking. This feature tracks port blocks logged by iptables to
# syslog. If an IP address generates a port block that is logged more than
# PS_LIMIT within PS_INTERVAL seconds, the IP address will be blocked.
#
# This feature could, for example, be useful for blocking hackers attempting
# to access the standard SSH port if you have moved it to a port other than 22
# and have removed 22 from the TCP_IN list so that connection attempts to the
# old port are being logged
#
# This feature blocks all iptables blocks from the iptables logs, including
# repeated attempts to one port or SYN flood blocks, etc
#
# Note: This feature will only track iptables blocks from the log file set in
# IPTABLES_LOG below and if you have DROP_LOGGING enabled. However, it will
# cause redundant blocking with DROP_IP_LOGGING enabled
#
# Warning: It's possible that an elaborate DDOS (i.e. from multiple IP's)
# could very quickly fill the iptables rule chains and cause a DOS in itself.
# The DENY_IP_LIMIT should help to mitigate such problems with permanent blocks
# and the DENY_TEMP_IP_LIMIT with temporary blocks
#
# Set PS_INTERVAL to "0" to disable this feature. A value of between 60 and 300
# would be sensible to enable this feature
PS_INTERVAL = "0"
PS_LIMIT = "10"
# You can specify the ports and/or port ranges that should be tracked by the
# Port Scan Tracking feature. The following setting is a comma separated list
# of those ports and uses the same format as TCP_IN. The default setting of
# 0:65535 covers all ports
PS_PORTS = "0:65535"
# You can select whether IP blocks for Port Scan Tracking should be temporary
# or permanent. Set PS_PERMANENT to "0" for temporary and "1" for permanent
# blocking. If set to "0" PS_BLOCK_TIME is the amount of time in seconds to
# temporarily block the IP address for
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"
# Set the following to "1" to enable Port Scan Tracking email alerts, set to
# "0" to disable them
PS_EMAIL_ALERT = "1"
View 9 Replies
View Related
Jul 9, 2008
I just got a new server, and for some reason it is as though it always sends out codes to your browser to completely reload (like hard refresh) all images... Even if you hit "Refresh" in firefox, it wants to reload ALL Images. I uploaded the same EXACT files/webpage that it is doing this to on another server and it treats it normally, Firefox caches it. But on my server it wants to reload the images each and every time.
Tried on multiple computers, same thing.
Anyone know where this 'setting' might be? I do have full access to the server, though I was not the one to set it all up initially.
View 4 Replies
View Related
Mar 4, 2007
This is my list (from my head) of things to install or do on a webhosting server to enhance security (not in any particualr order):
- rkhunter.
- chkrootkit.
- secure /tmp and similars.
- install mod_security.
- install mod_deflate.
- change ssh port.
- disable root login.
- install and tweak apf.
- install bfd.
- setup logwatch.
- add know "bad" IPs to apd list.
- enforce long and secure passwords.
- syctl.conf Hardening
- Mod_LimitIPConn
- System Integrity Monitor
- System Priority
- Process Resource Monitor
- Port Scan Attack Detection
- In php.ini, disable:
exec,system,passthru,readfile,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen
- Prevent Apache and bind to show their versions.
View 5 Replies
View Related
Aug 30, 2007
Just have some questions regarding server settings and security
1) What will happen if
Open_basedir in php.ini is changed to
Open_basedir = /home:/tmp
?
2) What will happen if all hosted users in passwd file are set to /sbin/nologin ???
Dose it effect running the web site?
What are the effects if
Sync if set to /sbin/nologin default is /bin/sync
shutdown if set to /sbin/nologin default is /sbin/shutdown
halt if set to /sbin/nologin default is /sbin/halt
news if set to /sbin/nologin default is empty
netdump if set to /sbin/nologin default is /bin/bash
Mysql if set to /sbin/nologin default is /bin/bash
mailman if set to /sbin/nologin default is /bin/bash
cpanel if set to /sbin/nologin default is /bin/bash
3) How to make /bin/bash in passwd file is the default path for each new user added (automatically) in cpanel/whm server
4) What is the effect if base64_encode and base64_decode if been added in disable functions?
5) How to secure host.conf and nsswitch.conf to prevent DNS lookup poisoning and also provide protection against spoofs?
6) How to secure the system configuration file sysctl.conf to prevent the TCP/IP stack from syn-flood attacks?
7) What is ClamAV and how to disable it?
View 2 Replies
View Related
Oct 30, 2013
* Go to "Web Server Settings" add text to "Additional directives for HTTP" and press button "Ok".
* Go to "Document root" folder of your domain and now you have a new folder "/cgi-bin/test" with file "test.cgi":
Code:
#!/usr/bin/perl
print <<HTML;
Content-type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
[Code] ....
View 13 Replies
View Related
Jun 10, 2015
i would like to change the access control for datebase users via CL: command: /usr/local/psa/bin/database --update-dbuser web1_presta -server localhost:3306 reply: The database user was successfully updated. examination: mysql> select host, user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | web1_presta |
| localhost | web1_oxid |
| localhost | web1_presta |
| localhost | web1_shopware |
| localhost | web1_wp |
+-----------+------------------+
Only when using the GUI:
home -> Subscriptions -> Website & Domains -> Databases -> Users -> web1_wp -> Access control
-> from Allow remote connections from any host
-> to Allow local connections only
is also the user adjusted:
mysql> select host, user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| localhost | web1_oxid |
| localhost | web1_presta |
| localhost | web1_shopware |
| localhost | web1_wp |
+-----------+------------------+
View 2 Replies
View Related
Mar 27, 2013
I'm running Apache 2.4.4 on Windows Server 2008 R2. It's already happened many times that Apache stopped responding to requests. The last entry in the error.log:
[Wed Mar 27 06:22:07.043600 2013] [mpm_winnt:notice] [pid 1736:tid 256] AH00354: Child: Starting 64 worker threads.
[Wed Mar 27 06:52:34.521200 2013] [mpm_winnt:error] [pid 1736:tid 1656] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
View 1 Replies
View Related
May 18, 2015
I set multiple mail servers (eg media-26.com) in the black list of server-wide mail settings but i still get spams from these mail servers..does it work properly?
View 8 Replies
View Related
May 26, 2014
Since 12.0.18, when I go to Tools & Settings > Mail Server, I get this error message on the page:
"Error: The limits on outgoing mail will not work for the subscriptions that have IP addresses from the white list. To make the limits work, remove IP addresses from the mail server's white list".
However, the whitelist page just contains 127.0.0.0/8 and ::1/128, and all my subscriptions have an external IP address which is clearly not in the whitelist.
View 7 Replies
View Related
Jun 4, 2014
I have just moved away from Kloxo Hosting, and I am a bit confused as to how I go about setting Client domains to use the (Already Registered) Nameserver Records I have created on the server.
You see, when I create a customer, the template adds the domain with it's own nameservers, ex: (ns.customerdomain.com -> 0.0.0.0) I don't want this to be the case.
What I would like to achieve, is for all my client's to have their NS records pointing at the NS records I already have registered on the server.
The reason for this is, when I submit the registration document to my local registrar, I have to specify the nameserver address for the domain, however, I only have 2 IP's on the server. I cannot glue every customer's domain FQDN to an IP.
View 3 Replies
View Related
Dec 22, 2014
After a server migration, some critical Plesk settings were not copied across, even though the option to backup/restore panel configuration was used. e.g.
skeleton (vhosts.skel folder)
php.ini (Program Files (x86)ParallelsPleskAdditionalPleskPHP5* folder)
Default site (vhostsdefault folder)
health config (Program Files (x86)ParallelsPleskadminconfcustom-health-config.xml)
Additional Administrator accounts
Is there a way to get these things to backup and restore that I am doing wrong?
Are there other important settings/data that I have missed from that list? I am still paying to keep the old server in case I discover something else!
Using Plesk Backup & Restore for disaster recovery will lose these settings unless they take extra steps. e.g. I now have a simple batch file that copies these files to a private folder on one of the domains before the daily backup kicks in.
View 1 Replies
View Related
Apr 11, 2009
I'm running a Xeon Quad Core 2.5GHz with 2GB RAM. Comments on my setup for shared hosting? (will upgrade ram if people believe that will help with increase page loadtimes.)
XCACHE:
xcache.shm_scheme = "mmap"
xcache.size = 64M
xcache.count = 5
xcache.slots = 16K
xcache.ttl = 3600
xcache.gc_interval = 7200
xcache.var_size = 64M
xcache.var_count = 5
xcache.var_slots = 16K
xcache.var_ttl = 3600
xcache.var_maxttl = 7200
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = Off
xcache.mmap_path = "/dev/zero"
xcache.coredump_directory = ""
xcache.cacher = On
xcache.stat = On
xcache.optimizer = On
MySQL:
[mysqld]
set-variable = max_connections=500
safe-show-database
old-passwords = 1
skip-networking
skip-name-resolve
skip-external-locking
socket = /var/lib/mysql/mysql.sock
skip-locking
key_buffer = 384M
max_allowed_packet = 1M
table_cache = 5120
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
read_rnd_buffer_size=8M
myisam_sort_buffer_size=64M
thread_cache_size=8
thread_cache=256
query_cache_limit=12M
query_cache_size=512M
thread_concurrency = 8
wait_timeout=120
connect_timeout=30
long_query_time=5
[isamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
View 3 Replies
View Related
Feb 27, 2008
MySQL keep giving me error like this:
Warning: mysql_connect() [function.mysql-connect]: Can't create a new thread (errno 11); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug in /home/user/public_html/file.php on line 400
Can't create a new thread (errno 11); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug
My server has 5GB SWAP, 2GB RAM
[my.cnf]
key buffer = 512m
read buffer = 4m
sort buffer = 4m
max connection = 500
i learn using a formula key buffer + (read+sort)*max connection
View 4 Replies
View Related
